I think if you’re running it stock than iOS is better for privacy than (most) stock Android ROMs. You can absolutely make Android more private, but you need to mess with it to achieve that.
I don’t know, maybe that’s a controversial opinion ¯\_(ツ)_/¯
I agree with you. Stock Android OSes include so much proprietary bloatware, spyware, and other garbage from OEMs and Google themselves, that its a pretty horrible experience. They don't take privacy and security seriously at all, not even good from a usability perspective either most of the time imo, as it also leads to worse performance and battery life, etc. I would much rather use iOS over like any Stock version of Android, even despite the many problems of iOS.
Only way to make Stock Android somewhat usable is through removing what you can through ADB, but even that is far from ideal and won't solve all of the issues.
Overall though, by far best option is to just use an alternate Android OS like Graphene, beats iOS or Stock Android any day. Though between iOS and Stock Android, if I had to pick, I'd easily choose iOS.
Android has partial sandboxing of applications and a whole bunch of different permission options as to limit to one function. To my understanding iOS limits you to the 1st party app store (without sideloading). I understand why limiting the available apps improves security, but that means you are locked into using a lot of proprietary closed-source apps (which sucks). Apple also requires the use of an Apple account, and I also don't think comparing default configs is worth much because to improve security/privacy I would look at the ceiling of what is possible to harden (I am refering to just basic settings, not dev stuff), as a default is for a general userbase.
With the increasing complexity of machine learning models, even the designers can't understand how it functions (what input leads to a given output). Open source doesn't mean safe at all. And even if it functions as intended, what happens wheb their is a vulnerability (or 0-zero day), or when the device reaches EOSL?